maartena
Stacked.
Premium
join:2002-05-10
Orange, CA
 ·RoadRunner Cable
| Can Vonage be tapped?
We all know that a regular phone line can quite easily be tapped from within the local CO, or if you are good enough right from near the home where you install a little transmitter on their line when no one is home.
I know VOIP as a matter of technology is pretty hard to tap into. It's mixed with all other internet traffic, and even with the slightest encryption you will not get the ability to do "live" wiretapping.
Now obviously the line can still be tapped on the other side, if you are calling a regular phone line. But what if you call vonage to vonage, can it be tapped somehow?
This is purely out of interest, not out of paranoia, or any other kind of concern. Just thought i'd check it out and throw it out there.
It would seem to me that unless you have actual access to the Vonage systems (which the NSA probably has just like they have access to ISP's etc), it isn't easy to listen into a vonage to vonage, or a vonage to other VOIP conversation.
--
"I reject your reality and substitute my own!" |
|
PX Eliezer
Premium
join:2008-08-09
New Jersey | cf:
»Security; Would you give out your SSN when using VOIP? |
|
mir
join:2000-09-08 | reply to maartena
It like looking for a Pin Head in haystack
Very Hard
They Must know lot of stuff About your Provider and your ISP. |
|
maartena
Stacked.
Premium
join:2002-05-10
Orange, CA
·RoadRunner Cable
| said by mir  :It like looking for a Pin Head in haystack Very Hard They Must know lot of stuff About your Provider and your ISP. Yeah being a nework engineer, I figured as much. I read the topic PX Eliezer linked, and the guy in there seems a bit paranoid to me. 
I was just interested to see if the NSA has a "way in", which they probably do at some point down the line, but the old fashioned sit-on-corner-of-street wiretapping can't be done with VOIP.
In any case, thanks.  |
|
mir
join:2000-09-08
| Let me tell ya How NSA would do it.
Call to VoIP (US Based)
Please send all the calls through Media Server and acess to that server.
Or
They can say please from Media server please broadcast stream to this IP X.X.X.X at this Port XX
That is it.
Every call will get recorded without User would knowing it |
|
priller
join:2000-10-20
Gainesville, VA
 ·voip.ms
·Callcentric
·Vonage
·callwithus
| In the years since CALEA was passed it has been greatly expanded to include all VoIP and broadband internet traffic. From 2004 to 2007 there was a 62 percent growth in the number of wiretaps performed under CALEA -- and more than 3,000 percent growth in interception of internet data such as email.
»en.wikipedia.org/wiki/Communicat···ment_Act |
|
maartena
Stacked.
Premium
join:2002-05-10
Orange, CA
·RoadRunner Cable
| reply to mir
said by mir :Let me tell ya How NSA would do it. Call to VoIP (US Based) Please send all the calls through Media Server and acess to that server. Or They can say please from Media server please broadcast stream to this IP X.X.X.X at this Port XX That is it. Every call will get recorded without User would knowing it That would make perfect sense. I would think that the NSA has a "device" at VOIP providers that can intercept the calls arriving at that central location.
I'm not too worried about it, fact of the matter is that if they WANT to know stuff about you, they WILL know stuff about you, one way or another. |
|
mir
join:2000-09-08
| Also think about it, it is lot resources to use.
I think Feds mandate by some date all calls should have ability to get easedropping. Easiset way for provider is setup a media server.
So when ever Feds wants they can give a IP add to send it.
Stream can be listen through WinAmp to Media player heeeee eee |
|
radam
join:2004-02-13
Fairfax Station, VA | reply to maartena
Yes, packets can be intercepted and reassembled. |
|
yardjockey42
join:2004-06-29
Columbus, OH | reply to maartena
Yes vonage can be tapped i did my own line was very easy
done it with software i downloaded from internet |
|
maartena
Stacked.
Premium
join:2002-05-10
Orange, CA | what software? |
|
garys_2k
join:2004-05-07
Farmington, MI
·Future Nine Corpor..
·Vonage
| Probably WireShark. The RTP stream isn't encrypted and WS can play it back as audio.
Still, other than the feds and your ISP, who can grab the packet stream? That's no different than POTS (except anybody with a cassette recorder and alligator clips can record a POTS call from the demarc on the side of the house). |
|
yardjockey42
join:2004-06-29
Columbus, OH | just google it thats what i did |
|
DogFace05
join:2005-12-09
Cary, NC
1 edit | reply to maartena
Absolutely. There are multiple possible techniques to accomplish this, with users of just about any provider out there.
The easiest, if connected to a hub shared with the target VoIP device, is to simply capture the voice stream with something along the lines of Wireshark.
If we're not on a shared hub, but still on the same network segment as the target, we can arbitrarily redirect any traffic from the target to go through us, by use of ARP cache poisoning. Some security researcher (IIRC, a year or so ago) wrote a program that would do just that--record the audio streams, and send them off to their intended destinations, leaving the victims none the wiser.
Next, the traditional way is for a Man-In-the-Middle (MIM) attack, where someone with equipment located somewhere along the communication path, can arbitrarily easily tap into someone's audio streams. This kind of capability, though, is generally limited to our fine big brother agencies.
However, it isn't necessary to be anywhere near the path. There are several techniques that can allow someone, for instance sitting in an office at the Ministry of Information in Mockba (Moscow for most of us here) or Beijing, to listen in on Joe von Achekleint's calls from his home in Little Rock, or just about any other VoIP user in our great land.
Not all techniques work for every case, but one can, for just about every case, find at least one method that will work.
Many users depend on STUN servers to inform their devices of their public IP addresses (and ports). A rogue STUN server, or one that has been compromised, can trivially easily be used to redirect the SIP and RTP streams between a device and its VoSP to go through an arbitrary remote tap. This tap can just as easily be located somewhere on the vast plains of outer Mongolia, as at Ahmed's Internet cafe in Damascus.
Then there are the ATAs and SIP phones themselves. All units of a specific design base from a certain company, have vulnerabilities that can readily be exploited to execute arbitrary code. Such vulnerabilities can to some extent be mitigated through the use of a proper firewall type (read symmetric NAT), although it won't stop someone able to spoof their source IP address. And to think that most providers, in their misguided wisdom, seem to urge people to locate their ATAs in their routers' DMZ. Yikes.
These vulnerabilities can be exploited to run code that patch a running adapter in RAM (making it virtually undetectable after the fact) to make it send a copy of all conversations to any convenient location out in the vast Internet. And because the 'bug' is in the adapter itself, there's no encryption to stop the guest eavesdropper. These same vulnerabilities can be taken advantage of for any number of other nefarious activities useful to an attacker. And although I'm referring to a specific family of adapters, it's very likely that most VoIP adapters out there contain similarly exploitable flaws. |
|
